The Hacker News | Expert Insights

AI-driven vulnerability discovery is no longer a research project. Claude Mythos proved that. In a single sweep, it uncovered thousands of vulnerabilities in software we use every day, generated working exploits, and exposed bugs that had survived decades of human review. Other AI models are rapidly catching up, and we've entered into an entirely new operating environment for cybersecurity. The industry is treating this as a turning point, and it is. But not for the reason most people might think. The Real Problem Was Never Finding Vulnerabilities Most of the conversation around AI security focuses on discovery: AI can now identify vulnerabilities faster than human teams ever could. That is certainly true, but it also misses the larger operational reality organizations have been struggling with for years. Security teams were already overwhelmed long before AI entered the picture. Vulnerability scanners, fuzzers, and static analysis tools have consistently generated more...

For most managed service providers (MSPs), ransomware recovery is not a problem that affects one client at a time. It is a multitenant, high-pressure scenario where recovery failures impact multiple clients at once. Testing ransomware recovery is not just a technical exercise but a business-critical requirement. The green check of a successful backup job does not guarantee successful ransomware recovery. Attackers today do more than encrypt files. They compromise identity systems, alter configurations, and create persistence mechanisms that survive system restoration. So, a "clean" backup can still reintroduce dormant malware or broken dependencies into your environment. Recovery success depends on whether systems are usable, trusted and operational after restore, not whether data simply exists. Modern ransomware protection and recovery strategies require correlation between security events and backup data. Without that, MSPs are forced into guesswork across multiple cl...

As anticipation builds for the FIFA World Cup 2026, cybercriminals are rapidly scaling fraud operations designed to exploit global fan excitement, urgency, and trust in tournament-related content. CTM360 researchers identified more than 7,000 FIFA World Cup 2026-themed domains, including over 4,500 newly registered domains observed within the last five months alone . More than 1,000 malicious or fraudulent websites have already been activated, alongside over 1,000 social media impersonation accounts operating across major platforms. The activity highlights how threat actors increasingly treat major global sporting events as large-scale monetization opportunities, combining fake ticket sales, fraudulent streaming platforms, betting scams, malware delivery, and social engineering into coordinated fraud ecosystems. Unlike isolated phishing attempts, these campaigns operate through repeatable fraud lifecycles that mirror organized cybercrime operations. CTM360's Fraud Navigator ...

Identity sprawl, agentic AI risk, and the path to NHI governance maturity When security leaders talk about identity risk, the conversation almost always centers on humans: Privileged users, compromised accounts, insider threats. But for most enterprises, the greater risk has already shifted. And it has nothing to do with your employees. Non-human identities (NHIs) — service accounts, API keys, OAuth tokens, SSH keys, RPA bots, cloud workload credentials and AI agents — are the fastest-growing, least-governed attack surface in the modern enterprise. And the industry is beginning to reckon with what that means. $4.88M Global average cost of a data breach — IBM Cost of a Data Breach 2024 The scope of the problem The numbers are striking. Research from Rubrik Zero Labs puts the NHI-to-human identity ratio at 45:1 in the modern enterprise. For cloud-native and DevOps environments, Entro Labs H1 2025 research puts that figure at 144:1.  These identities are not passive: They au...

BEC accounted for over $3 billion in reported losses last year alone. Most organizations don’t realize they’re exposed until it’s too late. Here’s how to tell if your defenses have gaps. Business email compromise doesn’t announce itself. There’s no ransomware splash screen, no locked files, no dramatic system outage. Instead, a finance team member processes what looks like a routine vendor payment update. A controller wires funds based on what appears to be a CFO’s direct request. By the time anyone notices, the money is gone. The FBI IC3’s 2024 Internet Crime Report documented $55 billion in cumulative BEC losses over the past decade, with $3 billion in 2024 alone — making it the most financially destructive enterprise-targeted cyber threat in the country. The challenge with BEC is that it exploits trust, not technology. These attacks carry no malicious payload for a gateway to catch — just carefully crafted messages designed to manipulate human judgment. That makes traditional de...

Attackers embraced AI in 2024. They are running attacks at agentic speed now. Security operations mostly aren't moving at the same pace. The mismatch between attack speed and response speed is now the most exploitable condition in most environments.  We recently ran an analysis on healthcare organizations using Check Point Exposure Management . One tertiary hospital had reduced its mean time to remediate (MTTR) to 0.87 hours. Zero IPS bypass events. 100% hardening effectiveness. Sub-one-hour MTTR, at scale, in a regulated healthcare environment where change control alone used to take days. We did not get there from patching faster. It came from changing the model entirely. The Asymmetry Nobody Talks About The security industry spent years optimizing detection. Feed more signals into SIEM, add more correlation rules, build bigger dashboards. Detection got faster. But remediation stayed manual, sequential, and slow. Meanwhile, attackers didn't wait. They adopted agentic to...

The conversation around Anthropic's Claude Mythos Preview has understandably centered on zero-days. If AI systems can identify and exploit vulnerabilities across every operating system and browser at scale, defenders have to assume that exploit timelines will keep compressing. But for CISOs, the harder question is how long exposed access credentials remain valid after defenders discover the exposure. Credentials determine how far an attacker can move, how long they can persist, and how difficult containment becomes. A vulnerability just gets them in the door. That gap between time-to-exploit and time-to-revoke is where many organizations are most exposed. GitGuardian's State of Secret Sprawl report shows 64% of valid secrets detected in 2022 were still active and exploitable four years later in an environment where exploitation now collapses to hours. Vulnerabilities get attackers in the door, but credentials decide how far they go. The Mythos-ready briefing , developed b...

Phishing emails have reached a point where they can fool both people and the tools designed to stop them. For anyone working through a packed inbox, it’s easy to trust what looks familiar and click without a second thought. What’s worrying is that phishing is rarely the end goal. It’s usually the entry point for something much bigger: a ransomware attack. Once attackers gain access, they don’t act immediately. They move through systems, map connections, and prepare the environment. By the time ransomware is deployed, it’s the final step — not the first. To stay ahead, you need protection at two critical points. An advanced email security solution that catches even the most stealthy phishing attempts, and a strong BCDR strategy that lets you restore data quickly and avoid paying a ransom if something slips through. Why phishing remains so effective Phishing works because it plays on human behavior. Email may seem like a simple communication tool, but it functions as a decision-mak...